-
-
Save andrewnimmo/53a2769c6371743f3e9c0d4996320725 to your computer and use it in GitHub Desktop.
DKIM headers in Exim
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
acl_check_dkim: | |
# Skip this whole acl if header.d contains an @ sign because exim is | |
# breaking down the header.i part (which usually is an email address) | |
# bit by bit, working towards just the domain name. | |
accept condition = ${if match{$dkim_cur_signer}{\N@\N}} | |
accept dkim_status = none | |
sender_domains = KNOWN_DKIM_SIGNERS | |
dkim_signers = KNOWN_DKIM_SIGNERS | |
condition = ${if eqi{$sender_address_domain}{$dkim_cur_signer} {yes}{no}} | |
log_message = Possible DKIM Forgery: Unsigned message from $sender_address_domain | |
add_header = :at_start:X-DKIM: Exim $version_number on $primary_hostname (no dkim signature for required domain: $dkim_cur_signer) | |
accept dkim_status = none | |
!sender_domains = KNOWN_DKIM_SIGNERS | |
!dkim_signers = KNOWN_DKIM_SIGNERS | |
set acl_m_dkim_hdr = 1 | |
add_header = :at_start:X-DKIM: Exim $version_number on $primary_hostname (no dkim signature for $dkim_cur_signer) | |
warn condition = ${if eq {$acl_m_dkim_hdr}{1} {no}{yes}} | |
set acl_m_dkim_hdr = 1 | |
add_header = :at_start:X-DKIM: Exim $version_number on $primary_hostname | |
accept dkim_status = pass | |
add_header = :at_start:Authentication-Results: $primary_hostname; dkim=$dkim_verify_status header.d=$dkim_cur_signer header.i=$dkim_identity header.s=$dkim_selector | |
warn dkim_status = invalid : fail | |
add_header = :at_start:Authentication-Results: $primary_hostname; dkim=$dkim_verify_status header.d=$dkim_cur_signer header.i=$dkim_identity header.s=$dkim_selector reason="$dkim_verify_reason" | |
deny dkim_status = fail | |
sender_domains = KNOWN_DKIM_SIGNERS | |
dkim_signers = KNOWN_DKIM_SIGNERS | |
condition = ${if eq {$dkim_key_testing}{1} {no}{yes}} | |
message = Rejected: $dkim_verify_reason | |
accept |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment